> If you want to set ACLs of domain users and groups, you have to run winbindd > regardless of AD env. or not. > > # You can set ACLs of server local users and groups without running winbindd.
Hmm... I was working from: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553 I have NSS setup to resolve via LDAP, which contains all of the appropriate user/group information that samba should need. The second heading on this page, "Winbind is not used; users and groups resolved via NSS" seemed to read as though I didn't actually need winbind. My concern here is that winbind appears to be necessary to create unix users for non-existent Windows NT domain users. This isn't our case... ever user available in the Windows NT domain (managed by the samba PDC/BDC) exist in LDAP and, therefore, unix as well. Regardless... I enable winbind and the behavior is the same. Once winbind is started, I can query most users (wbinfo -u) and groups (wbinfo -g). For some reason, some groups don't show. We have many groups and users, so I haven't checked them all, but a spot check suggests there are some missing. Mark -- ---------- I'd rather be burning carbohydrates than hydrocarbons -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba